The present invention relates to an apparatus and to a method for the biometric identification of a person, who has an authentication area containing biometric features. Such apparatuses and methods are used, for example, in electronic appliances where a user needs to authenticate himself before using the appliance. Examples of such electronic appliances are telecommunication appliances, such as mobile telephones, and computers. In mobile telephones, for example, it is usual to use a so-called personal identification number (PIN) as access authorization. In this context, in order to be able to make a telephone call, the user needs to enter a particular PIN which is known only to him. The mobile telephone checks this PIN and, if the check is positive, enables the mobile telephone for the purpose of making calls.
In addition, more general identification codes, like PINs, are used in computers in order to control access to particular data or services of the computer or of a communication network to which the computer is connected.
Usually, the authentication information is entered using a keypad associated with the apparatus and is then checked. In this way, the authorization of the user making the entry is established by the mobile telephone, the computer or the communication network.
In mobile telephones based on the GSM standard, this is done by virtue of a data processing device on the appliance""s xe2x80x98SIMxe2x80x99 card checking whether the entered PIN matches the information stored on the SIM card. If this is the case, the SIM card enables the telephone for use. According to the GSM standard, a particularly high level of security is obtained for the telephone customer by virtue of the fact that the PIN must not be stored in the mobile telephone itself, but rather is stored on the SIM card in encrypted form only.
In addition, biometric identification methods have recently been developed in which biological or biometric features of a user are used for authentication purposes. By way of example, the fingerprint of a user is used as unique identification of this user. Such biometric identification is a complex but convenient and often very secure method of ensuring that a particular person is associated with and can access a service, an object or a place. In this context, the advantage of biometric identification over the PIN is that it cannot be forgotten, and that the biometric features can be copied only with very great difficulty, or cannot be copied at all. Whereas the PIN is pure software, biometric features always have a more or less unique association with the hardware, i.e. with the body of the authorized user. Since the PIN entails the entry of digits or text, which usually requires a series of keystrokes, this always results in convenience being diminished, and hence sometimes in the security measures being bypassed. For example, with some mobile radio services, the user is able to turn off the PIN completely, at his own risk. Mobile radio services do not require acknowledgement of each individual telephone call by means of the PIN. This means that, once it has been turned on, a mobile telephone can be used by any third parties and hence also by unauthorized persons at the cost of the owner of the mobile telephone. Modern mobile telephones are increasingly trying to restrict the entry of digits for telephone numbers to emergencies. Attempts are even being made to manage with mobile telephones with no keypad at all for some applications. In this case, distinctive biometric identification, if it is possible with little effort, is very advantageous.
In current mobile telephones, however, the problem arises that they require the PIN to be stored on the SIM card in order to conform to standard on the basis of the GSM standard, as explained above. In accordance with the GSM standard, this PIN must not be additionally stored in the mobile telephone itself. The problem which this poses is that the PIN cannot be completely replaced by biometric identification without changing the GSM standard.
For this reason, a method has been proposed in which a unique identification number can be derived from biometric features. This unique identification number can accordingly be used as a PIN and, by way of example, can be forwarded to the SIM card of a mobile telephone. It is evident that, in this case, the PIN is not stored in the mobile telephone itself, but rather is merely calculated by the latter from detected biometric features.
If an authentication area of a person, such as the fingerprint of the person, is used, this authentication area contains biometric features which uniquely identify the person. In this context, the total authentication area, i.e. the fingerprint area, which can be used to identify the user is usually larger than the identification area of a sensor detecting the biometric features of the person""s authentication area. This means that the sensor uses only part of the person""s authentication area to derive the unique identification number. Accordingly, variations in position, for example of the fingerprint area, on the identification area of the sensor can result in different identification numbers. Such different identification numbers for a user cannot be used as a PIN and make unique identification of the user more difficult.
It is the object of the present invention to provide an apparatus and a method for the biometric identification of a person, who has an authentication area containing biometric features, in which a unique identification number can be derived irrespective of variations in the positioning of the part of the person""s authentication area which is situated on the identification area of the sensor.
The invention provides an apparatus for the biometric identification of a person, who has an authentication area containing biometric features, comprising a sensor having an identification area for detecting the biometric features of the part of the person""s authentication area which is situated on the identification area, a comparison device for comparing the detected biometric features of the first area with the biometric features, stored in a memory, of a part of the authentication area of an authorized person or of a plurality of authorized persons and for determining the relative position of the biometric features detected by the sensor within the part of the authentication area, and a computation device for calculating an identification code, which identifies the person detected by the sensor, from the detected biometric features which are not stored in the memory 4 on the basis of the relative position of the biometric features which are stored in the memory (4) within the stored authentication area.
An advantage of the apparatus according to the invention is that the identification area of the sensor is split into two regions, with one region being used for position determination within the authentication area while the second region is used to generate a unique identification number, the biometric features of this region not being stored in the apparatus. This ensures that, even if different portions of the user""s authentication area are in contact with the identification area of the sensor, it is always possible to calculate a unique identification code which characterizes the user.
In one embodiment of the invention, the sensor detects the fingerprint of a person, the person""s authentication area comprising the possible fingerprint areas of a finger of this person which are not used to calculate the identification code.
The advantage of the use of a fingerprint sensor is that the user can firstly place a finger on the sensor without any particular trouble, and, secondly, the biometric features of the fingerprint area permit particularly reliable identification of the user.
In addition, the present invention provides an appropriate method for the biometric identification of a person by means of an authentication area containing biometric features.
The fact that, in one embodiment of the method, the identification area is subdivided such that the region used for the position determination within the authentication area completely surrounds the area used to calculate the identification code ensures that the second, enclosed region always contains sufficient biometric features to calculate a unique identification code.